Analysis

  • max time kernel
    125s
  • max time network
    49s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231201-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231201-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/12/2023, 01:45

General

  • Target
    49147ecaa6fb80734284257327e1f47f18914d5db04487f7c83490872a8e34e3.exe
  • Size
    901KB
  • MD5
    5d8924fefdc3af4f7877292e1ec73488
  • SHA1
    74b10ac14262bd753c144d8c1a5f6858f536eb08
  • SHA256
    49147ecaa6fb80734284257327e1f47f18914d5db04487f7c83490872a8e34e3
  • SHA512
    bf48e13e1581030eaf7126c2227c095c85e9019baee03bcce92e208aa5b5722ae45a1096ce27226320192d48f8a77e101a4f49e31da3ccf8b410360dfd7b6394
  • SSDEEP
    12288:28shHAVBuQBBed37dG1lFlWcYT70pxnnaaoawMRVcTqSA+9rZNrI0AilFEvxHvBc:v3s4MROxnF9LqrZlI0AilFEvxHioy

Score
6/10

Signatures

  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\49147ecaa6fb80734284257327e1f47f18914d5db04487f7c83490872a8e34e3.exe
    "C:\Users\Admin\AppData\Local\Temp\49147ecaa6fb80734284257327e1f47f18914d5db04487f7c83490872a8e34e3.exe"
    • Drops desktop.ini file(s)
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:612
    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
      "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\smqpn4nb.cmdline"
      • Suspicious use of WriteProcessMemory
      PID:3156
      • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
        C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES472C.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC472B.tmp"
        PID:3720

Downloads

  • C:\Users\Admin\AppData\Local\Temp\RES472C.tmp
    Filesize
    1KB
    MD5
    0f607b834bf97c26cfdd65a27c34d7db
    SHA1
    4081f1f985a40c743acdc0dadac8f6efb00f008a
    SHA256
    3b8b0fdd694a0bcf9d809761c8e5ed3c91d908918cbf082aa32f937de059ee43
    SHA512
    c46d0080f002f768855d5524dae92e0cb7d9f63c5e9df45b65b1a9f27a625d56a7b644b78197290d9f4e70f8892581c6be61fdd9da53137091a9cc03c9cf2a05
  • C:\Users\Admin\AppData\Local\Temp\smqpn4nb.dll
    Filesize
    76KB
    MD5
    43ca772ec50b60e47fdafbcad80e8178
    SHA1
    6779e3dfce0a69a9f390360e7a055af0faf779f5
    SHA256
    4a5b68f2c20ab5936987d358c37d30f5629fb47cc93e7367da1be09eca3b9099
    SHA512
    ce7adfbd9d31731f7adb96052ea9af5d63172a1baa28e9bfdb6e528316ce130f1e0341239fe9144faba3ff04e90a5625ce08c3586f352e93f6cc0eba596a13b2
  • \??\c:\Users\Admin\AppData\Local\Temp\CSC472B.tmp
    Filesize
    676B
    MD5
    98b83e5d477de7108d38a0bb6b967f98
    SHA1
    a99f96b4d2b0d246ad82b138beae7c3b72268a83
    SHA256
    551427bec4bb717fcd0a335ad721c24497342027c012896c5f1adcde6fa6b2de
    SHA512
    c55d7ea75f2c8d06d11f5c7c0089ed1c4c4577226adddcdd6ccee7c8c6fcc53ac5d3c9ad6e7c7c37ebf798b5cf189e3c6ddf949c0937dd9d44d214aa25075175
  • \??\c:\Users\Admin\AppData\Local\Temp\smqpn4nb.0.cs
    Filesize
    208KB
    MD5
    ba117d63a3bf320357cf8abea2cb56b9
    SHA1
    97d6df9ab0ddde6e876959fe6d0c82bad734b5d3
    SHA256
    0747faa411d2398307705f3d746fab81ec4e7c3245db4f225256f7a93cd77de4
    SHA512
    d4057734d9a427dd74eb073c030bb27b9f2545b2323cff4281cdf8453fcb07603af7afc107ed66c307298c05720b3178bedfc6554ebf85567da4563e1994c608
  • \??\c:\Users\Admin\AppData\Local\Temp\smqpn4nb.cmdline
    Filesize
    349B
    MD5
    0d7e551e7ac61c0720be05ab98b1922e
    SHA1
    82856a204b0c3cbd8b92606a5cb1d51073f54ed1
    SHA256
    454d586c983fdf48b88eee9eaac5be6428ae4987c4e25535cff25b84e157cabf
    SHA512
    f5c1dcd1341c402c931ece3b282905d45006fc1465e9ae4f69e2d288a3d2532a00fbb940d3412920633032e133e31e3e27859a9cabf9f9ca33fc160cac5fe1ef
  • memory/612-7-0x000000001C450000-0x000000001C91E000-memory.dmp
    Filesize
    4.8MB
  • memory/612-25-0x000000001BC40000-0x000000001BC48000-memory.dmp
    Filesize
    32KB
  • memory/612-0-0x00007FFB66530000-0x00007FFB66ED1000-memory.dmp
    Filesize
    9.6MB
  • memory/612-6-0x000000001BF70000-0x000000001BF7E000-memory.dmp
    Filesize
    56KB
  • memory/612-29-0x00000000017F0000-0x0000000001800000-memory.dmp
    Filesize
    64KB
  • memory/612-3-0x00007FFB66530000-0x00007FFB66ED1000-memory.dmp
    Filesize
    9.6MB
  • memory/612-2-0x000000001BD90000-0x000000001BDEC000-memory.dmp
    Filesize
    368KB
  • memory/612-1-0x00000000017F0000-0x0000000001800000-memory.dmp
    Filesize
    64KB
  • memory/612-22-0x000000001D080000-0x000000001D096000-memory.dmp
    Filesize
    88KB
  • memory/612-24-0x000000001BCD0000-0x000000001BCE2000-memory.dmp
    Filesize
    72KB
  • memory/612-8-0x000000001C9C0000-0x000000001CA5C000-memory.dmp
    Filesize
    624KB
  • memory/612-26-0x00000000017F0000-0x0000000001800000-memory.dmp
    Filesize
    64KB
  • memory/612-27-0x00007FFB66530000-0x00007FFB66ED1000-memory.dmp
    Filesize
    9.6MB
  • memory/612-28-0x00000000017F0000-0x0000000001800000-memory.dmp
    Filesize
    64KB
  • memory/3156-14-0x0000000000A70000-0x0000000000A80000-memory.dmp
    Filesize
    64KB